fixed potential bug problem with pe header faking, added proper string checks when dealing with file names

Broihon · Broihon · commit ba4c2d563d42 · 2020-12-22T19:13:13.000+01:00
diff --git a/GH Injector Library/Error.h b/GH Injector Library/Error.h
@@ -65,6 +65,7 @@
 #define INJ_ERR_INVALID_PEB_DATA			0x0000002C	//internal error					: -						: peb data required to erase/fake header or unlike the module from the peb wasn't findable
 #define INJ_ERR_UPDATE_PROTECTION_FAILED	0x0000002D	//NtProtectVirtualMemory			: NTSTATUS				: updating the page protection of the pe header failed
 #define INJ_ERR_WOW64_NTDLL_MISSING			0x0000002E	//internal error					: -						: can't resolve address of the wow64 ntdll
+#define INJ_ERR_INVALID_PATH_SEPERATOR		0x0000002F	//internal error					: -						: can't find '\' in a path. '/' as seperators aren't supported.
 
 
 ///////////////////
diff --git a/GH Injector Library/Injection.cpp b/GH Injector Library/Injection.cpp
@@ -232,8 +232,27 @@ DWORD __stdcall InjectW(INJECTIONDATAW * pData)
 			return InitErrorStruct(szDllPath, pData, -1, INJ_ERR_STRINGC_XXX_FAIL, error_data);
 		}
 
-		wchar_t * pFileName = wcsrchr(pData->szDllPath, '\\') + 1;
-		memcpy(pFileName, new_name, sizeof(new_name));
+		wchar_t * pFileName = wcsrchr(pData->szDllPath, '\\');
+		if (!pFileName)
+		{
+			INIT_ERROR_DATA(error_data, (DWORD)hr);
+
+			return INJ_ERR_INVALID_PATH_SEPERATOR;
+		}
+		else
+		{
+			++pFileName;
+		}
+
+		auto size_delta = pFileName - pData->szDllPath;
+
+		hr = StringCbCopyW(pFileName, sizeof(pData->szDllPath) - size_delta, new_name);
+		if (FAILED(hr))
+		{
+			INIT_ERROR_DATA(error_data, (DWORD)hr);
+
+			return INJ_ERR_STRINGC_XXX_FAIL;
+		}
 
 		auto ren_ret = _wrename(OldFilePath, pData->szDllPath);
 		if (ren_ret)
diff --git a/GH Injector Library/Manual Mapping WOW64.cpp b/GH Injector Library/Manual Mapping WOW64.cpp
@@ -35,7 +35,17 @@ DWORD MMAP_WOW64::ManualMap_WOW64(const wchar_t * szDllFile, HANDLE hTargetProc,
 		return INJ_ERR_STRINGC_XXX_FAIL;
 	}
 
-	const wchar_t * pDllName = wcsrchr(szDllFile, '\\') + 1; 
+	const wchar_t * pDllName = wcsrchr(szDllFile, '\\');
+	if (!pDllName)
+	{
+		INIT_ERROR_DATA(error_data, (DWORD)hr);
+
+		return INJ_ERR_INVALID_PATH_SEPERATOR;
+	}
+	else
+	{
+		++pDllName;
+	}
 	
 	hr = StringCbLengthW(pDllName, sizeof(data.szNameBuffer), &len);
 	if (FAILED(hr))
diff --git a/GH Injector Library/Manual Mapping.cpp b/GH Injector Library/Manual Mapping.cpp
@@ -40,7 +40,17 @@ DWORD MMAP_NATIVE::ManualMap(const wchar_t * szDllFile, HANDLE hTargetProc, LAUN
 		return INJ_ERR_STRINGC_XXX_FAIL;
 	}
 
-	const wchar_t * pDllName = wcsrchr(szDllFile, '\\') + 1;
+	const wchar_t * pDllName = wcsrchr(szDllFile, '\\');
+	if (!pDllName)
+	{
+		INIT_ERROR_DATA(error_data, (DWORD)hr);
+
+		return INJ_ERR_INVALID_PATH_SEPERATOR;
+	}
+	else
+	{
+		++pDllName;
+	}
 
 	hr = StringCbLengthW(pDllName, sizeof(data.szNameBuffer), &len);
 	if (FAILED(hr))
